r18307 - in /packages/unstable/nautilus-python/debian: changelog patches/50_CVE-2009-0317.patch

[joss at users.alioth.debian.org]

Author: joss
Date: Mon Feb  2 09:24:59 2009
New Revision: 18307

URL: http://svn.debian.org/wsvn/pkg-gnome/?sc=1&rev=18307
Log:
* Non-maintainer upload.
* Fix CVE-2009-0317: untrusted search path vulnerability.
  + Added patch: 50_CVE-2009-0317.patch
  + Closes: #513419
* Urgency high for fixing a security RC bug.

Added:
    packages/unstable/nautilus-python/debian/patches/50_CVE-2009-0317.patch
Modified:
    packages/unstable/nautilus-python/debian/changelog

Modified: packages/unstable/nautilus-python/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-gnome/packages/unstable/nautilus-python/debian/changelog?rev=18307&op=diff
==============================================================================
--- packages/unstable/nautilus-python/debian/changelog (original)
+++ packages/unstable/nautilus-python/debian/changelog Mon Feb  2 09:24:59 2009
@@ -8,6 +8,16 @@
   * Acknowledge NMU, thanks Evgeni Golov.
 
  -- Loic Minier <lool at dooz.org>  Sat, 05 Jul 2008 18:24:46 +0200
+
+nautilus-python (0.4.3-3.2) unstable; urgency=high
+
+  * Non-maintainer upload.
+  * Fix CVE-2009-0317: untrusted search path vulnerability.
+    + Added patch: 50_CVE-2009-0317.patch
+    + Closes: #513419
+  * Urgency high for fixing a security RC bug.
+
+ -- Evgeni Golov <sargentd at die-welt.net>  Sun, 01 Feb 2009 23:34:17 +0100
 
 nautilus-python (0.4.3-3.1) unstable; urgency=low
 

Added: packages/unstable/nautilus-python/debian/patches/50_CVE-2009-0317.patch
URL: http://svn.debian.org/wsvn/pkg-gnome/packages/unstable/nautilus-python/debian/patches/50_CVE-2009-0317.patch?rev=18307&op=file
==============================================================================
--- packages/unstable/nautilus-python/debian/patches/50_CVE-2009-0317.patch (added)
+++ packages/unstable/nautilus-python/debian/patches/50_CVE-2009-0317.patch Mon Feb  2 09:24:59 2009
@@ -1,0 +1,10 @@
+--- a/src/nautilus-python.c	2006-02-15 22:25:20.000000000 +0100
++++ b/src/nautilus-python.c	2009-01-29 09:46:13.000000000 +0100
+@@ -134,6 +134,7 @@
+ 
+ 	Py_Initialize();
+ 	PySys_SetArgv(1, argv);
++	PyRun_SimpleString("import sys; sys.path = filter(None, sys.path)");
+ 
+ 	/* pygtk.require("2.0") */
+ 	pygtk = PyImport_ImportModule("pygtk");